Hi Rich,

I reinstalled all my server from scratch and reimported all my data (with cert files).

If I try to synchronize my data, I can import users from AD to 389-DS but I can't do the opposite. My 389 server replica is always in status "in progress" with "replica acquired successfully : incremental update started", but it can't finish the synchronization job.

I could also continue to launch requests to my AD server from my 389-DS server (ldapsearch...). I successfully added a user to my AD with Apache Directory Studio (installed on my 389-DS server) with the AD synchronizing account. So, it's not an access problem.

Moreover I added a schema on my 389-DS for my directory that is not present on my AD. Do you think I have to add this schema to AD or is the synchronization done only on AD required attributes? Or is it a cert file problem on my AD? Or ...?

Any idea would be appreciated.

Regards-

2011/1/25 Rich Megginson <rmeggins at redhat.com>

> On 01/25/2011 01:29 AM, remy d1 wrote:
>
> Hi Rich,
>
> I tried to raise the log level, but when I did it, I was not able to stop/restart my dirsrv service.
>
> What log level did you use? What error messages did you see when you attempted to stop/restart the service? Anything in the errors log?
>
> To stop it, I must kill the process and remove the pid file. Then I could start it.
>
> In my error logs, there is a lot of information:
>
> [root@KingKong ~]# tail /var/log/dirsrv/slapd-KingKong/errors
> [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
> [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
> [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
> [24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
> [24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
> [24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
> [24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
> [24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
> [24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
> [24/Jan/2011:16:24:18 +0100] NSMMReplicationPlugin - changelog program - cl5ExportLDIF: failed to locate changelog file for replica at (dc=mydomain,dc=com)
>
> This problem is very similar to this post:
>
> http://www.redhat.com/archives/fedora-directory-commits/2009-March/msg00005.html
> Although I have the last version of 389-DS.
>
> Are you sure this is the correct post you wanted to refer to? Because this is a patch commit for a fix when moving the changelog directory - did you move the changelog directory? Because you did not mention it in your earlier post.
>
> I think I have also some troubleshooting with my hostname because bind is not configured. However, I have chosen to put it in my /etc/hosts file
> [root@KingKong ~]# nl /etc/host.conf
> 1 multi on
> 2 order hosts,bind
> The hostname command replies with the full "fqdn" if I choose the option --all-fqdn, contrary to the option "--fqdn". The reply is just my hostname without the domain. By the way, if I say
> #hostname KingKong.mydomain.com
> Everything is now good for my hostname but I can not launch my 389-console. I think the address to connect is not ok... I do not know if this problem is linked to the previous problems...
>
> So, I do #hostname KingKong
> Then, I launch the console again. Now, if I try to initiate a full synchronization, I can see (and I am still stuck on it) the window "please wait while data is being synchronized...", but nothing else... Data are not synchronized and I do not see anything in my Windows event viewer while replica agreement seems to be ok and PassSync service is installed...
>
> It is very difficult to change your hostname after you have configured the admin server and console. I suggest starting over from scratch, and first make sure your hostname is correct.
>
> I also suggest using
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync to configure Windows Sync.
>
> Thanks for help,
>
> -Regards
>
> 2011/1/21 Rich Megginson <rmeggins at redhat.com>
>
>> Date: Fri, 21 Jan 2011 10:25:56 +0100
>> To: "General discussion list for the 389 Directory server project."
>> <389-users at lists.fedoraproject.org>
>>
>> Hi Rich,
>>
>> Thanks for this useful link.
>>
>> I have successfully initiated replica between Windows AD and my server 389-DS. Ldapsearch is working. But even if everything seems to be ok, the update does not work and I do not see any error in the log files... So, my AD server stays empty, the accounts are not migrated...
>>
>> Here you have my access log file which is more verbose... (mydomain.com for the example) :
>>
>> <snip>
>>
>> Obviously I am connecting to the server 389-DS itself whereas it can resolve the DNS name of my Windows server... There is no error in the AD event viewer while I could see errors on it when it was misconfigured (like DirSync errors)... So, basically, the Windows server is contacted to my DS-Server over 2 different networks.
>>
>> Do you think I have to open the ports described in my message ?
>>
>> -Regards.
>>
>> I don't know. There is no winsync information in the access log. Note that the access log records client accesses to the directory server, and in winsync, the directory server itself acts as a client to AD, so winsync will log nothing in the access log. The errors log could be helpful, and especially using the replication log level (which is also used for winsync logging). The Windows Event Viewer is useless for winsync issues.
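
Added example, not part of the thread or of 389-DS: the errors log that the replies point to as the place to look for winsync problems repeats the same message many times, so this short Python script collapses repeated messages and lists the changelog DB files the server reports as missing. The function names are hypothetical; the sample lines are copied from the errors log quoted in this thread.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Sample input: lines copied from the errors log quoted in the thread above.
DB = ("/var/lib/dirsrv/slapd-KingKong/changelogdb/"
      "1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4")
SAMPLE = f"""\
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database {DB}
[24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database {DB}
[24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:24:18 +0100] NSMMReplicationPlugin - changelog program - cl5ExportLDIF: failed to locate changelog file for replica at (dc=mydomain,dc=com)
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<plugin>\S+)\s+-\s+(?P<msg>.*)$")

def parse_line(line):
    """Split one errors-log line into (timestamp, plugin, message), or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts, m.group("plugin"), m.group("msg")

def summarize(text):
    """Collapse repeats: {(plugin, message): [count, first_seen, last_seen]}."""
    seen = OrderedDict()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # blank or wrapped continuation line
        ts, plugin, msg = parsed
        entry = seen.setdefault((plugin, msg), [0, ts, ts])
        entry[0] += 1
        entry[2] = ts
    return seen

def missing_changelog_dbs(text):
    """Changelog DB paths named in '_cl5GetDBFile: no DB object found' lines."""
    pat = r"_cl5GetDBFile: no DB object found for database (\S+)"
    return sorted({m.group(1) for m in re.finditer(pat, text)})

if __name__ == "__main__":
    for (plugin, msg), (count, first, last) in summarize(SAMPLE).items():
        print(f"{count:3d}x {first:%H:%M:%S}-{last:%H:%M:%S} {plugin}: {msg}")
    print("check that these exist on disk:", missing_changelog_dbs(SAMPLE))
```
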